Apple has issued one of the most unequivocal security warnings in recent years. The latest attacks using commercial spyware are once again successfully bypassing the security of iPhones, and what’s worse – for a large portion of users, there is no longer any fix unless they decide to update their system.
Just before the holidays, Apple patched two critical security vulnerabilities exploited in real attacks. However, data published a few weeks later show that most iPhones remain vulnerable because users have not upgraded to iOS 26. And Apple is no longer offering an alternative.
Update or Lack of Protection
According to data cited as early as December, even 50% of eligible iPhone users have not updated their system from iOS 18 to iOS 26. This trend is not only persisting but is starting to raise increasing concerns in the industry.
Cult of Mac states outright that “iOS 26 has an adoption problem”
PhoneArena notes that “more users than ever are ignoring the latest iOS update”
9to5Mac is even more harsh: “iOS 26 has been available for almost four months, and its adoption is clearly lagging behind previous versions”
According to StatCounter, less than 20% of iPhones are running iOS 26, although TelemetryDeck suggests a more optimistic 60%. Even in this best-case scenario, we are talking about hundreds of millions of devices without current security updates. For comparison: at the same time last year, over 60% of users were already using the latest version, iOS 18, and iOS 17 reached a similar result even faster.
Apple changes the rules during the game
The problem was exacerbated by Apple's decision regarding support for older versions of the system. Many users assumed that – as before – critical security patches would also be provided for iOS 18. However, this did not happen. The update iOS 18.7.3 was made available only for iPhones that do not support iOS 26. For the rest, the choice is simple: update to the new system or lack protection.
“There is no workaround or user behavior that realistically reduces this risk” – warns Darren Guccione, CEO of Keeper Security.
“Updating the system is the only effective line of defense. When patches become public, the vulnerability window quickly widens.”
Why Aren't Users Updating?
This question comes up in almost every analysis. TechRadar reminds us that one of the biggest advantages of iOS has always been fast adoption, in contrast to the fragmented Android ecosystem. However, this time, that advantage seems to be fading. An increasingly cited potential reason is the new Liquid Glass interface. MacWorld suggests that the visual changes may have discouraged users:
worse readability of the interface
small and hard-to-notice UI elements
chaos in the menu bars and navigation
Examples? In Safari, the Bookmarks button has become hard to locate, and on macOS, there's an abundance of small icons with no clear function. However, not everyone is ready to declare failure. Viruss notes that resistance to change is a typical phenomenon among Apple users, and a single wave of data isn't enough to dismiss the new design. Apple is certainly monitoring the situation and may respond.
Not an Image Issue, but a Security One
Regardless of the reasons, the consequences are serious. Analytics Insight warns that delaying updates is exactly what cybercriminals are counting on. Attacks target users who procrastinate on installing patches. Apple is trying to combat this phenomenon, among other things, through new Background Security Improvements mechanisms. However, their effectiveness depends solely on one factor – whether users actually update their systems. Meanwhile, Reddit is full of threads like:
"I never update to iOS 26"
"Why is this update so hated?"
"Am I the only one happy with iOS 26.2?"
Experts have no doubts
James Maude from BeyondTrust leaves no illusions:
“Users must update their system and install patches. These vulnerabilities will quickly become a standard tool for various attacking groups.”
And that is the crux of the problem. This is not a matter of aesthetics, marketing, or Apple's ambitions. This is a matter of real risk, which grows with every day of delay. Updating is no longer an option. It is becoming a necessity.
